From afd4437492be23afb1ff646d1efd334033db4772 Mon Sep 17 00:00:00 2001
From: Damian Debkowski
Date: Fri, 24 Jun 2022 09:16:11 -0700
Subject: [PATCH] fix(error) validate credential store id when creating username/password credentials (#2231)
---
 .../handlers/credentials/credential_service.go | 2 +-
 .../credentials/credential_service_test.go | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/internal/daemon/controller/handlers/credentials/credential_service.go b/internal/daemon/controller/handlers/credentials/credential_service.go
index a45f9cd7d6..4874b12e79 100644
--- a/internal/daemon/controller/handlers/credentials/credential_service.go
+++ b/internal/daemon/controller/handlers/credentials/credential_service.go
@@ -539,7 +539,7 @@ func validateCreateRequest(req *pbs.CreateCredentialRequest) error {
 if req.Item.GetType() != static.UsernamePasswordSubtype.String() {
 badFields[globals.TypeField] = fmt.Sprintf("Unsupported credential type %q", req.Item.GetType())
 }
- if req.Item.GetCredentialStoreId() == "" {
+ if !handlers.ValidId(handlers.Id(req.Item.GetCredentialStoreId()), static.CredentialStorePrefix) {
 badFields[globals.CredentialStoreIdField] = "This field must be a valid credential store id."
 }
diff --git a/internal/daemon/controller/handlers/credentials/credential_service_test.go b/internal/daemon/controller/handlers/credentials/credential_service_test.go
index 96cc51cc05..5802575a8c 100644
--- a/internal/daemon/controller/handlers/credentials/credential_service_test.go
+++ b/internal/daemon/controller/handlers/credentials/credential_service_test.go
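Review bot: The new `handlers.ValidId(..., static.CredentialStorePrefix)` condition in validateCreateRequest has no comment explaining why a prefix check replaced the empty-string test, and a reader could mistake it for an access decision. From the visible lines it is a format check only: it rejects ids that do not carry the static credential store prefix, and presumably that is what turns a wrong-type id into InvalidArgument instead of a later failure. I would add above the `if`: `// Format check only: the id must carry the static credential store prefix; whether the store exists and the caller may use it is decided elsewhere.` The "decided elsewhere" half needs confirming against the code outside this hunk, since validateCreateRequest starts and continues beyond it.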
@@ -346,6 +346,21 @@ func TestCreate(t *testing.T) {
 res: nil,
 err: handlers.ApiErrorWithCode(codes.InvalidArgument),
 },
+ {
+ name: "Invalid Credential Store Id",
+ req: &pbs.CreateCredentialRequest{Item: &pb.Credential{
+ CredentialStoreId: "p_invalidid",
+ Type: static.UsernamePasswordSubtype.String(),
+ Attrs: &pb.Credential_UsernamePasswordAttributes{
+ UsernamePasswordAttributes: &pb.UsernamePasswordAttributes{
+ Username: wrapperspb.String("username"),
+ Password: wrapperspb.String("password"),
+ },
+ },
+ }},
+ res: nil,
+ err: handlers.ApiErrorWithCode(codes.InvalidArgument),
+ },
 {
 name: "Can't specify Created Time",
 req: &pbs.CreateCredentialRequest{Item: &pb.Credential{
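Review bot: The added "Invalid Credential Store Id" case pins only the wrong-prefix path (`"p_invalidid"`), so the other inputs the new validator is meant to reject are not covered by this hunk. I would add two sibling table entries that differ only in the id: one with `CredentialStoreId: ""`, to keep the behaviour of the removed `== ""` check pinned, and one with the right prefix but a malformed remainder, e.g. the constructed value `CredentialStoreId: static.CredentialStorePrefix + "_bad id"`. The second assumes ValidId also rejects non-alphanumeric suffixes, which is not visible here. TestCreate's table starts and continues outside the hunk, so an empty-id case may already exist elsewhere.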